I'm new to this domain, so I'm a little perplexed by the alternatives and differentiating between them.
I have a docker image. When the image is run, a shell script (`startup.sh`) is run. Variables can be passed in at `docker run` time. I'd like for each time this image is run as a container, a new https certificate be awarded to that running container. There seem to be multiple ways of doing this, and I'm not sure which is best or simplest. I'd like to know which is best before traveling down any of these roads.
- There's certbot.
- There's a shell script.
- There is a popular ansible role (I like ansible roles because they're robust, self-documenting, and we're already using them in some places).
- But now there's an ansible module, and the guy who maintained the ansible role is telling me to use the module instead.
- There is a companion container for nginx (which my image uses).
I'm not sure how any of these really relate to one another. Why would any of the others exist if certbot were enough? I think it's safe to assume that certbot (which was previously called the letsencrypt client, I think) predates the rest.
I'd love some guidance as to how to figure out which of these strategies makes most sense -- I just don't know anyone who I could ask.
Thanks!